Measuring the Enforcement of the 20 Top Critical Security Controls
*Metrics and Methodologies*

The top 20 critical security controls (CSC) have been widely used in both industry and government enterprises to enhance and enforce cybersecurity. A genuine effort has been made (by NSA, NIST, SANS, CyberSecurity Council, and others) to establish these CSC as foundations for identifying best practices in cybersecurity that can be systematically validated, measured, and enforced. In this project, UNC Charlotte and GMU teams will leverage their long expertise insecurity metrics to develop objective metrics and measurement methodologies based on the science of security for measuring the effectiveness of existing technologies in implementing CSCs. We selected 16 CSCs that, we think, are the most top priority ones to focus on at this stage.